Reviewing the Privacy Act with a Digital Eye
The arguably antiquated law has been criticised for its failure to keep up with unrestrained data collection by online conglomerates as well as outdated definitions and security concerning personal information. With many advances in technological services, artificial intelligence, cloud computing and online business, it is imperative that Australian consumers are properly protected and trust an effective privacy regime to continue to enjoy free use of these modern technologies.
The review of the legislation principally covers:
the scope and application of the Privacy Act including:
the definition of “personal information”
current exemptions, and
general permitted situations for the collection, use and disclosure of personal information.
whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices including in relation to:
notification requirements
consent requirements including default privacy settings
overseas data flows, and
erasure of personal information.
whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act.
whether a statutory tort for serious invasions of privacy should be introduced into Australian law.
the impact of the notifiable data breach scheme and its effectiveness in meeting its objectives.
the effectiveness of enforcement powers and mechanisms under the Privacy Act and how they interact with other Commonwealth regulatory frameworks.
the desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.’
Importantly, the review encourages public participation and provides an opportunity for businesses, not for profit organisations and public sector agencies to voice their concerns surrounding the Privacy Act’s deficits. This will ensure that the privacy regulatory framework is reworked in a manner that directly benefits Australian consumers and businesses. It will be interesting to see how the review will factor in organisational and corporate liability, international interaction, and self-regulation. Public submissions will close on the 29 November 2020.
For further reading see ‘Review of the Privacy Act 1988’